Amendments to the Claims 

1. (currently amended) A method for operating a public-key encryption scheme 

which provides for [[of]] sending a digital message M between a sender and a recipient in-a 
public - key encryption sch e m e comprising th e sender, the recipient and with participation of 
an authorizer as specified by operations (a) through (f) defined below, wherein the digital 
message is encrypted by the sender and decrypted by the recipient, the method comprising 
one or more of operations (R), (Au), (S), wherein: 

the operation (R) comprises the operations (a), (f); 

the operation (Au) comprises the operations (c), (d): 

the operation (S) comprises the operation (e); 

wherein the operations (a) through (f) are as follows : 

(a) generating a recipient public key/ recipient private key pai^ [[;]] 
wherein the recipient private key is a secret of the recipient; 

(b) generating a recipient encryption key; 

(c) selecting a key generation secret that is a secret of the authorizer; 

(d) generating a recipient decryption key using at least the key generation 
secret and the recipient encryption key, wherein a key formed from the recipient 
decryption key and a key formed from the recipient encryption key are a public key/ 
private key pair; 

(e) encrypting the digital message using at least the recipient public key 
and the recipient encryption key to create an encrypted digital message; and 

(f) decrypting the encrypted digital message using at least the recipient 
private key and the recipient decryption key. 
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2. (Original) The method of claim 1 , wherein the recipient encryption key is 
generated from information comprising the identity of the recipient. 

3. (Original) The method of claim 1, wherein the recipient encryption key is 
generated from information comprising a parameter defining a validity period for the 
recipient decryption key. 

4. (Original) The method of claim 1, wherein the recipient encryption key is 
generated from information comprising the recipient public key. 

5. (Original) The method of claim 1 , wherein the recipient encryption key is 
generated from information comprising the identity of the recipient, the recipient public key, 
and a parameter defining a validity period for the recipient decryption key 

6. (Original) The method of claim 1, wherein the recipient decryption key is 
generated by the authorizer according to a schedule known to the sender. 

7. (Original) The method of claim 6, wherein the recipient encryption key is 
generated using at least information comprising the schedule. 

8. (Original) The method of claim 1, wherein the recipient private key/ public 
key pair is generated using at least one system parameter issued by the authorizer. 

9. (currently amended) The method of claim 1, wherein generating the recipient 
decryption key is g e nerated by a method comprising comprises : 

(a) generating a first cyclic group Gi of elements and a second cyclic 
group G2 of elements; 
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(b) selecting a function e capable of generating an element of the second 
cyclic group G2 from two elements of the first cyclic group Gi; 

(e) selecting a generator P of the first cyclic group Gi; 

(d) selecting a random key generation secret sc associated with and 
known to aufhorizer; 

(e) generating a key generation parameter Q = sc P; 

(f) selecting a first function Hi capable of generating an element of the 
first cyclic group Gi from a first string of binary digits; 

(g) selecting a second function H 2 capable of generating a second string 
of binary digits from an element of the second cyclic group G2; 

(h) generating an element P B = /fi(Inf B ), wherein Inf B comprises a string 
of binary digits; and 

(i) generating a secret element S = ScPb associated with the recipient [[;]] 
wherein the secret element is the recipient decryption key. 

1 0. (Original) The method of claim 9, wherein Inf B comprises the identity of the 
recipient, ID re c, the recipient public key, and a parameter defining a validity period for the 
recipient decryption key. 

1 1 . (Original) The method of claim 9, wherein both the first group Gi and the 
second group G 2 are of the same prime order q. 

12. (Original) The method of claim 9 wherein the first cyclic group Gi is an 
additive group of points on a supersingular elliptic curve or abelian variety, and the second 
cyclic group G 2 is a multiplicative subgroup of a finite field. 
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1 3 . (Original) The method of claim 9 wherein the function e is a bilinear, non- 
degenerate, and efficiently computable pairing. 

14. (Original) The method of claim 9 wherein: 
sq is an element of the cyclic group Z IqZ ; 

Q is an element of the second cyclic group G 2 ; 

element Pb is an element of the first cyclic group Gi; and 

the secret element S is an element of the first cyclic group Gi. 

15. (currently amended) The method of claim 9, wherein encrypting the digital 
message M is encrypted by a method comprising comprises : 

generating the element P' B = Hr(ID rec ), wherein ID rec comprises the identity of the 
recipient and wherein Hy is a function capable of generating an element of the first cyclic 
group Gi from a string of binary digits; 

selecting a random key generation secret r; and 

encrypting the digital message M to form a ciphertext C ± [[;]] wherein C is set to be: 
C = [rP, M 0 H 2 (g r )], where g - 6 (Q, p B )§(s B P T j^) g = SfQ. P R WPK g . P e G 2i 
where PK g is the recipient public key . 

1 6. (Original) The method of claim 1 , wherein the recipient encryption key is 
generated from a document and the recipient decryption key is the authorizer's signature on 
the document. 

1 7. (currently amended) The method of claim 9, wherein encrypting the digital 
message M is encrypted by a method comprising comprises : 
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generating the element P' B = H r (ID rec ) wherein Hy is a function capable of 
generating an element of the first cyclic group Gi from a string of binary digits; 
choosing a random parameter 0 e {0,1}"; 
set a random key generation secret r = H3(g, M); and 

encrypting the digital message M to form a ciphertext C A [[;]] wherein C is set to be: 
C = [rP, M © H 2 (g r ), E H4( 0 )(M)] 5 where g = 6(Q, p^ eP^s) 
g = e(O.PRWPK B.P'^e G 2 , 
wherein PK g is the recipient public key, wherein H 3 is a function capable of generating an 

integer of the cyclic group Z IqZ from two strings of binary digits, H4 is a function capable 

of generating one binary string from another binary string, E is a s e cure symmetric 
encryption scheme, and H4(o) is the key used with E. 

18. (currently amended) A method for operating a public-key encryption scheme 
which provides for [[of]] sending a digital message between a sender and a recipient in-a 
public k e y encryption schem e comprising the s e nder, th e recipient and with participation of 
a plurality of authorizers as specified by operations (a) through (g) defined below , the 
plurality of authorizers including a root authorizer and n lower-level authorizers in a 
hierarchy between the root authorizer and the recipient, wherein n > 1, the method 
comprisin g one or more of operations (PQ, (RAu), f Au), (S). wherein: 

the operation (R) comprises the operations (a), (g); 

the operation (RAu) comprises the operations (c), fd); 

the operation (Au) comprises the operation (e): 

the operation (S) comprises the operation (f); 
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wherein the operations (a) through (g) are as follows : 

(a) generating a recipient public key/ private key pair for the 
recipient^ [[;]] wherein the recipient private key is a secret of the recipient; 

(b) generating a recipient encryption key using identity information of at 
least one of the recipient's ancestors; 

(c) selecting a root key generation secret that is a secret of the root 
authorizer; 

(d) generating a root key generation parameter based on the root key 
generation secret; 

(e) generating a recipient decryption key such that the recipient 
decryption key is related to the recipient encryption key, the root key generation 
secret and the associated root key generation parameter; 

(f) encrypting the digital message using the recipient public key and a 
recipient encryption key to create an encrypted digital message, wherein a key 
formed from the recipient decryption key and a key formed from the recipient 
encryption key are a public key/ private key pair; and 

(h) (g) decrypting the encod e d encrypted digital message to recover the 
digital message using at least the recipient private key and the recipient decryption 
key. 

19. (Original) The method of claim 18, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient. 
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20. (Original) The method of claim 1 8, wherein the recipient encryption key is 
generated from information comprising a parameter defining a validity period for the 
recipient decryption key. 

21 . (Original) The method of claim 1 8, wherein the recipient encryption key is 
generated from information comprising the recipient public key. 

22. (Original) The method of claim 1 8, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient, the recipient public key, 
and a parameter defining a validity period for the recipient decryption key. 

23 . (Original) The method of claim 1 8, wherein the recipient decryption key is 
generated according to a schedule known to the sender. 

24. (currently amended) The method of claim 1 8, wherein the recipient private 
key/ public key pair is generated using system parameters issued by one or more of the 
authorizers authorizor . 

25. (Original) The method of claim 1 8, wherein the recipient decryption key is 
related to the root key generation secret and the associated root key generation parameter. 

26. (currently amended) The method of claim 18, wherein the plurality of 
authorizers further includes at least m lower-level authorizers in the hierarchy between the 
root authorizer and the sender, wherein m > 1, and wherein / of the m authorizers in the 
hierarchy are common ancestors to both the sender and the recipient, wherein authorizer is 
the lowest common ancestor authorizer between the sender and the recipient, and wherein / 
> 1, the m e thod the public-key encryption scheme further comprising: 
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selecting a lower-level key generation secret for each of the m lower-level 
authorizers in the hierarchy between the root authorizer and the sender; and 

generating a sender decryption key such that the sender decryption key is related to 
at least the root key generation secret and one or more of the m lower-level key generation 
secrets associated with the m lower-level authorizers in the hierarchy between the root 
authorizer and the sender; 

wherein the message is encrypted using at least the sender decryption key and one or 
more of the lower-level key generation parameters associated with the (m - 1 +1) authorizers 
between the root authorizer and the sender that are at or below the level of the lowest 
common ancestor authorizer/, but not using any of the lower-level key generation parameters 
that are associated with the (/ - 1) authorizers above the lowest common ancestor authoriz e r^ 
authorizes ; and 

wherein the ciph e rt e xt encrypted digital message is decrypted using at least the 
recipient decryption key and one or more of the lower-level key generation parameters 
associated with the (« - / + 1) authorizers between the root authorizer and the sender that are 
at or below the level of the lowest common ancestor authorizer/, but not using any of the 
lower- level key generation parameters that are associated with the (I - I) authorizers that 
above the lowest common ancestor authorizer/. 

27-116. (cancelled) 

117. (new) The method of claim 1 wherein the method comprises the operation 
(R) performed by the recipient. 
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118. (new) The method of claim 1 wherein the method comprises the operation 
(Au) performed by the authorizer. 

119. (new) The method of claim 1 wherein the method comprises the operation (S) 
performed by the sender. 

120. (new) The method of claim 1 wherein the method comprises the operation 
(R) performed by the recipient and the operation (Au) performed by the authorizer. 

121 . (new) The method of claim 1 wherein the method comprises the operation 
(Au) performed by the authorizer and the operation (S) performed by the sender. 

122. (new) The method of claim 1 wherein the method comprises the operation 
(R) performed by the recipient and the operation (S) performed by the sender. 

123. (new) The method of claim 1 wherein the method comprises the operation 
(R) performed by the recipient, the operation (Au) performed by the authorizer, and the 
operation (S) performed by the sender. 

124. (new) The method of claim 1 wherein the operation (b) is performed by the 
authorizer and/or the recipient and/or the sender. 

125. (new) The method of claim 2 wherein the method comprises the operation 

(b). 

126. (new) The method of claim 3 wherein the method comprises the operation 

(b). 

1 26. (new) The method of claim 4 wherein the method comprises the operation 

(b). 



M-16094 US Amendment - oaof8-15-08.DOC 



-11- 



Application No. 10/521,741 



127. (new) The method of claim 5 wherein the method comprises the operation 

(b). 



128. (new) The method of claim 6 wherein the method comprises the operation 
(Au) performed by the authorizer. 

129. (new) The method of claim 7 wherein the method comprises the operation 

(b). 

130. (new) The method of claim 9 wherein the method comprises the operation 
(Au) performed by the authorizer. 

131. (new) The method of claim 1 0 wherein the method comprises the operation 
(Au) performed by the authorizer. 

132. (new) The method of claim 1 1 wherein the method comprises the operation 
(Au) performed by the authorizer. 

133. (new) The method of claim 12 wherein the method comprises the operation 
(Au) performed by the authorizer. 

134. (new) The method of claim 13 wherein the method comprises the operation 
(Au) performed by the authorizer. 

135. (new) The method of claim 14 wherein the method comprises the operation 
(Au) performed by the authorizer. 

136. (new) The method of claim 15 wherein the method comprises the operation 
(S) performed by the sender. 
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137. (new) The method of claim 16 wherein the method comprises the operation 
(Au) performed by the authorizer. 



138. (new) The method of claim 16 wherein the method comprises the operation 
(R) performed by the recipient. 

139. (new) The method of claim 17 wherein the method comprises the operation 
(S) performed by the sender. 

140. (new) The method of claim 1 8 wherein the method comprises the operation 
(R) performed by the recipient. 

141 . (new) The method of claim 1 8 wherein the method comprises the operation 
(RAu) performed by the root authorizer. 

142. (new) The method of claim 1 8 wherein the method comprises the operation 
(Au) performed by one of the authorizers. 

143. (new) The method of claim 1 8 wherein the method comprises the operation 
(S) performed by the sender. 

144. (new) The method of claim 1 8 wherein the method comprises the operation 
(R) performed by the recipient and the operation (Au) performed by one of the authorizers. 

145. (new) The method of claim 1 8 wherein the method comprises the operation 
(R) performed by the recipient and the operation (S) performed by the sender. 

146. (new) The method of claim 1 8 wherein the method comprises the operation 
(Au) performed by one of the authorizers and the operation (S) performed by the sender. 
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147. (new) The method of claim 1 8 wherein the method comprises the operation 
(R) performed by the recipient, the operation (Au) performed by one of the authorizers, and 
the operation (S) performed by the sender. 

148. (new) The method of claim 1 8 wherein the method comprises the operation 

(b). 

149. (new) The method of claim 1 9 wherein the method comprises the operation 

(b). 

1 50. (new) The method of claim 20 wherein the method comprises the operation 

(b). 

151. (new) The method of claim 2 1 wherein the method comprises the operation 

(b). 

1 52. (new) The method of claim 22 wherein the method comprises the operation 

(b). 

153. (new) The method of claim 23 wherein the method comprises the operation 
(Au) performed by one of the authorizers. 

1 54. (new) The method of claim 25 wherein the method comprises the operation 
(Au) performed by one of the authorizers. 

1 56. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 1 . 

1 57. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 5. 
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1 58. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 9. 

1 59. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 10. 

1 60. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 1 1 . 

161. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 13. 

1 62. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 15. 

163. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 16. 

1 64. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 17. 

1 65 . (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 18. 

166. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 20. 

1 67. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 22. 
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1 68. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 23. 

169. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 26. 

1 70. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 117. 

171. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 118. 

1 72. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 1 19. 

1 73 . (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 123. 

1 74. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 127. 

175. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 130. 

1 76. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 136. 

1 77. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 140. 
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1 78. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 141 . 

179. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 142. 

1 80. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 143. 

181. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 147. 

1 82. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 150. 

183. (new) A manufacture comprising a computer-readable computer program 
operable to cause a computer to perform the method of claim 1 52. 
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